Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

  1. #11
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    After the publishing of the vulnerability, I do some study on this and find something that you may interested in.

    The affected Linux kernel is from 3.0.8 to 3.7.9 that including Ubuntu 12.04 LTS and 12.10 as well as the 13.04 which is under development at the moment. Fortunately, it is fixed on the version 3.5.0-25.39. However, be keep in mind that the PPA versions may be not fixed yet.

    Samiux

  2. #12
    prodigy_ is offline May the Ubuntu Be With You!
    Join Date
    Mar 2008
    Beans
    1,219

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by samiux View Post
    The affected Linux kernel is from 3.0.8
    I suppose you specifically mean kernel distributed with Ubuntu. Because the commit that caused this vulnerability wasn't merged into the vanilla Linux kernel until 3.3.
    Last edited by prodigy_; March 3rd, 2013 at 06:41 PM. Reason: I seriously doubt that 3.2-based installations of12.04 are actually affected.

  3. #13
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by prodigy_ View Post
    I suppose you specifically mean kernel distributed with Ubuntu. Because the commit that caused this vulnerability wasn't merged into the vanilla Linux kernel until 3.3.

    Though it's a bit disappointing that Canonical security team is apparently not up to the task of checking what they backport.
    I don't think this statement is correct. Please refer to the "Reference" at my blog, it mentioned that the kernel range that affected.

    Edit :

    Latest learnt that kernel version 2.6.x are also affected.

    Samiux
    Last edited by samiux; March 3rd, 2013 at 06:45 PM. Reason: Add "Edit"

  4. #14
    Join Date
    Jan 2012
    Beans
    753

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by samiux View Post
    Fortunately, it is fixed on the version 3.5.0-25.39. However, be keep in mind that the PPA versions may be not fixed yet.
    Hm... The most recent in the PPA for me is 3.5.0-21-generic. Where can I find a PPA with a more up-to-date kernel version? Because *buntu seems to be lagging behind in everything...

  5. #15
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    This isn't a PPA, but you can get the latest kernels here. Unfortunately there is no automagic updates from there, and you have to manually install the files yourself.

  6. #16
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by Stonecold1995 View Post
    Hm... The most recent in the PPA for me is 3.5.0-21-generic. Where can I find a PPA with a more up-to-date kernel version? Because *buntu seems to be lagging behind in everything...
    I think 3.5.0-21 is not from PPA.

    You can upgrade to the latest kernel in your distribution, you can :

    Code:
    sudo apt-get update
    sudo apt-get dist-upgrade
    Samiux

  7. #17
    Join Date
    Jan 2012
    Beans
    753

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Is 3.5.0-27-generic affected?

  8. #18
    Join Date
    Aug 2006
    Location
    Somewhere in the hell
    Beans
    294
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by Stonecold1995 View Post
    Is 3.5.0-27-generic affected?
    Where did you get this kernel?

    As far as I know, the latest kernel for Ubuntu 12.04 LTS and 12.10 is 3.5.0-25 which is fixed the problem.

    Samiux

  9. #19
    Join Date
    Jan 2012
    Beans
    753

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Quote Originally Posted by samiux View Post
    Where did you get this kernel?

    As far as I know, the latest kernel for Ubuntu 12.04 LTS and 12.10 is 3.5.0-25 which is fixed the problem.

    Samiux
    Code:
    deb http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main
    deb-src http://ppa.launchpad.net/kernel-ppa/pre-proposed/ubuntu quantal main
    For some reason, it doesn't always seem to give me automatic updates, so I have to do apt-get update and then type "sudo apt-get install linux-linux-headers-3.5.0-2" and then press tab twice so I get a list of packages that match that, and install any newer version there is.

  10. #20
    Join Date
    Jan 2012
    Beans
    753

    Re: Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

    Does anyone know if there's non-PoC exploit source code anywhere (aside from on the deep web)? The PoC I found only worked on a few Fedora kernels, and didn't do much. Is there a version that works on most/all Linux distros with the vulnerable kernels? I don't want to find it for malicious purposes, but because I want to test it on a few machines I have that run Linux (like my Kindle) to see if they're vulnerable.

    If I'm not allowed to ask this then I appologise, please delete my post.

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •